rhsa-2023_5974
Vulnerability from csaf_redhat
Published
2023-10-20 16:49
Modified
2024-11-08 14:24
Summary
Red Hat Security Advisory: Network Observability security update
Notes
Topic
An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5974", "url": "https://access.redhat.com/errata/RHSA-2023:5974" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2222167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167" }, { "category": "external", "summary": "2228743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743" }, { "category": "external", "summary": "2237773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773" }, { "category": "external", "summary": "2237776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776" }, { "category": "external", "summary": "2237777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777" }, { "category": "external", "summary": "2237778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "NETOBSERV-1344", "url": "https://issues.redhat.com/browse/NETOBSERV-1344" }, { "category": "external", "summary": "NETOBSERV-926", "url": "https://issues.redhat.com/browse/NETOBSERV-926" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5974.json" } ], "title": "Red Hat Security Advisory: Network Observability security update", "tracking": { "current_release_date": "2024-11-08T14:24:47+00:00", "generator": { "date": "2024-11-08T14:24:47+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:5974", "initial_release_date": "2023-10-20T16:49:58+00:00", "revision_history": [ { "date": "2023-10-20T16:49:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-20T16:49:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-08T14:24:47+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "NETOBSERV 1.4 for RHEL 9", "product": { "name": "NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:network_observ_optr:1.4.0::el9" } } } ], "category": "product_family", "name": "Network Observability" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "product_id": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "product_id": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le", "product_id": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "product_id": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "product_id": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "product": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "product": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "product": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.4.0-51" } } }, { "category": "product_version", "name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "product": { "name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "product_id": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.4.0-70" } } }, { "category": "product_version", "name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "product": { "name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "product_id": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "product_identification_helper": { "purl": "pkg:oci/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.4.0-51" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le" }, "product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le" }, "product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64" }, "product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" }, "product_reference": "network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64 as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" }, { "category": "default_component_of", "full_product_name": { "name": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le as a component of NETOBSERV 1.4 for RHEL 9", "product_id": "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" }, "product_reference": "network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le", "relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.4.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-29406", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222167" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: insufficient sanitization of Host header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29406" }, { "category": "external", "summary": "RHBZ#2222167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0" } ], "release_date": "2023-07-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: insufficient sanitization of Host header" }, { "cve": "CVE-2023-29409", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-08-03T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2228743" } ], "notes": [ { "category": "description", "text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-29409" }, { "category": "external", "summary": "RHBZ#2228743", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409", "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409" }, { "category": "external", "summary": "https://go.dev/cl/515257", "url": "https://go.dev/cl/515257" }, { "category": "external", "summary": "https://go.dev/issue/61460", "url": "https://go.dev/issue/61460" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-1987", "url": "https://pkg.go.dev/vuln/GO-2023-1987" } ], "release_date": "2023-08-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys" }, { "acknowledgments": [ { "names": [ "Takeshi Kaneko" ], "organization": "GMO Cybersecurity by Ierae, Inc." } ], "cve": "CVE-2023-39318", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237776" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of HTML-like comments within script contexts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39318" }, { "category": "external", "summary": "RHBZ#2237776", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318" }, { "category": "external", "summary": "https://go.dev/cl/526156", "url": "https://go.dev/cl/526156" }, { "category": "external", "summary": "https://go.dev/issue/62196", "url": "https://go.dev/issue/62196" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2041.json", "url": "https://vuln.go.dev/ID/GO-2023-2041.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper handling of HTML-like comments within script contexts" }, { "acknowledgments": [ { "names": [ "Takeshi Kaneko" ], "organization": "GMO Cybersecurity by Ierae, Inc." } ], "cve": "CVE-2023-39319", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237773" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: html/template: improper handling of special tags within script contexts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39319" }, { "category": "external", "summary": "RHBZ#2237773", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319" }, { "category": "external", "summary": "https://go.dev/cl/526157", "url": "https://go.dev/cl/526157" }, { "category": "external", "summary": "https://go.dev/issue/62197", "url": "https://go.dev/issue/62197" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2043.json", "url": "https://vuln.go.dev/ID/GO-2023-2043.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: html/template: improper handling of special tags within script contexts" }, { "acknowledgments": [ { "names": [ "Martin Seemann" ] } ], "cve": "CVE-2023-39321", "discovery_date": "2023-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237777" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39321" }, { "category": "external", "summary": "RHBZ#2237777", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321" }, { "category": "external", "summary": "https://go.dev/cl/523039", "url": "https://go.dev/cl/523039" }, { "category": "external", "summary": "https://go.dev/issue/62266", "url": "https://go.dev/issue/62266" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2044.json", "url": "https://vuln.go.dev/ID/GO-2023-2044.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections" }, { "acknowledgments": [ { "names": [ "Marten Seemann" ] } ], "cve": "CVE-2023-39322", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-09-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2237778" } ], "notes": [ { "category": "description", "text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/tls: lack of a limit on buffered post-handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39322" }, { "category": "external", "summary": "RHBZ#2237778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322" }, { "category": "external", "summary": "https://go.dev/cl/523039", "url": "https://go.dev/cl/523039" }, { "category": "external", "summary": "https://go.dev/issue/62266", "url": "https://go.dev/issue/62266" }, { "category": "external", "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ" }, { "category": "external", "summary": "https://vuln.go.dev/ID/GO-2023-2045.json", "url": "https://vuln.go.dev/ID/GO-2023-2045.json" } ], "release_date": "2023-09-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/tls: lack of a limit on buffered post-handshake" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "known_not_affected": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-20T16:49:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5974" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:5da2ecf1149394e0c64af7c8e8a2684012590838031e4c733d6eff7f30cd6265_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ae91d40862457c43c130aa081a66bcedca17dce7dce0f381143b244dd126bc12_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:ce5c9ef5800ed30888dcb23aa2ed9cf56bd83767d572a51e3e3e1509a2539063_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-console-plugin-rhel9@sha256:e0239a8ff86253729b9af04e6407283c51744497fea90d099afaceaa4fc823ec_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:27ecc916ce170d505d828742fa29d20143c4443343b101a2a9d75fe086b515f1_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:350a8565fb297353c81571bad33f0fca5ab129560ad7f15de242db98c4709b3c_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:488df8c38e377719771c758b71f1e966d76bb03da6217e09c29c21fec12c437d_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:84ffa04b7ae504efc0037c3ae14c0e4d4f99057593a2db2bbbfcf92e526d2c7c_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:03484bd14253a7340f754a6f1aef5659cfd5a6844ffbdfb2f215321b6fc63644_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:2dc033562cb43480543ff398284933993006741e83f453228a9902a2c9b3ff1d_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:61c172961af1a895e9cb355573f1f8a780e7acecc505c58c18faeb9fc49efa66_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:a297d29025aa9d1e963daf0c4b076533da59ddd84825e79d6e6b0e921e8c2588_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:1607eb2595aa0679f571d81c19840cfaf923908553b05d479bd35b2290b1d7e6_ppc64le", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:6f998bb3b7d5311d8e74b25f8fcfe4ae65897270da3c0763ca2cb1d763135bc4_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:8214855b40028fdd2def40116f4585bd50f42ef0948713d63e163840079e8be7_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-operator-bundle@sha256:e6e8f0a739c61bbd94a61bb75d81ef1af551a4e57ed4a64e583adce62c82af9c_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:66d6fed71915dce2d8b8386cf661590bd374e27baa26a7c2cddd1916386922ce_amd64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:67167e08f0883c273e98810ad44288c4355ce2af13859021e2973c075c56cf9f_s390x", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:8596630dd1c175bf6dd29470c009e850d8b8fd465f3d9dcee8338a4aeca8dc64_arm64", "9Base-NETWORK-OBSERVABILITY-1.4.0:network-observability/network-observability-rhel9-operator@sha256:be6bfe44af552d934c881db0177bee7e345d76442523b0ea0144610d5470ea45_ppc64le" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.